---
title: Turborepo 1.2
description: Turborepo 1.2 introduces improved task filtering, artifact signing and integrity, human-readable and JSON dry runs, and more!
date: '2022/04/08'
tag: 'web development'
---

<h1 className="text-center">Turborepo 1.2</h1>

import { Date } from '#components/blog/date';
import { Authors } from '#components/authors';

<Date>Friday, April 8th, 2022</Date>

<Authors authors={['jaredpalmer', 'becca__z', 'gaspargarcia', 'gregsoltis']} />

Since releasing Turborepo v1.1 in late January, we've seen incredible adoption and community growth:

- **6.5k+** [GitHub Stars](https://github.com/vercel/turbo)
- **140k+** weekly npm downloads (doubling since our [last blog post for v1.1](/blog/turbo-1-1-0))
- **95+** OSS contributors
- **900+** members of the [Turborepo Community Discord](https://turborepo.com/discord)
- **1.6 years** of Time Saved through Remote Caching on Vercel, saving more than 2.5 months every week

We've further improved ergonomics, observability, and security with Turborepo v1.2 featuring:

- [**New Task Filtering API**](#new-task-filtering-api): `--filter` adds more powerful task filtering capabilities to `turbo run`
- [**Human-readable and JSON dry runs**](#debug-and-automate-with---dry-run): `--dry-run` flag can print out information about a `turbo run` without executing any tasks, in both human and JSON-parse friendly formats
- [**Improved Internal Scheduler and Graph**](#improved-internal-scheduler-and-graph): We refactored `turbo` 's internal scheduler and graph to be more ergonomic and predictable
- [**Enhanced Remote Cache Security**](#cache-outputs-integrity-and-signature-verification): Cryptographically sign remote cache artifacts with your own secret key

Update today by running `npm install turbo@latest`. After running `turbo run` for the first time, you'll see instructions about how to use `@turbo/codemod` to run automatic migrations for `v1.2`.

## New Task Filtering API

We are excited to release one of our most requested features: the ability to expressively filter tasks through a `--filter` flag. The `--filter` flag is the much more powerful successor to the current combination of `--scope`, `--include-dependencies`, `--since`, and `--no-deps` flags.

With `--filter` you can tell `turbo` to restrict executing commands to a subset of matched packages in your monorepo based on name, folder, or even if it has changed since a git commit ref.

Take a look at some examples of what you can accomplish with the new `--filter` command:

- `--filter=<package_name>` - match by exact package name or glob pattern
- `--filter=...<package_name>`- match by package name/glob and include all dependent packages of matches
- `--filter=...^<package_name>`- match by package name/glob and include all dependent packages of matches, but exclude the matches themselves
- `--filter=<package_name>...` - match by package name/glob and include all the matched packages' dependencies
- `--filter=<package_name>^...` - match by package name/glob and include all matched package dependencies, but exclude the matches themselves
- `--filter={./path/to/package}` - match by path or filesystem glob pattern
- `--filter=[origin/main]` - match by changed packages since a git commit ref

You can use multiple filters together to get even more granular filtering as well as combine each part of the above patterns `{}`, `[]` , `^` , and `...` to express more complex behavior.

For example, if you had an app located in `./apps/web` directory with local packages used as dependencies, and a Turborepo pipeline where `test` depends on `^build` topologically, running:

```bash title="Terminal"
turbo run test --filter={./apps/web}[HEAD^1]^...
```

would tell `turbo` to ensure dependencies are built and to run the `test` script in all of the local dependencies of the app located in `./apps/web`, not including that app itself, if the app has changed since HEAD^1.

For more details and examples, refer to the new [filtering documentation](/docs/crafting-your-repository/running-tasks#using-filters).

## Debug and Automate with `--dry-run`

You can now see the impact of `turbo run` without actually executing any commands by appending either `--dry-run` or `--dry-run=json` to any `turbo run` command. This will result in either human or JSON output.

Dry runs are incredibly useful for two situations:

- Debugging and testing run options
- Using `turbo` filtering and task graphs for building automations

{" "}

<div className="overflow-hidden lg:rounded-xl">
  ![Turborepo Dry Run](/images/blog/turbo-1-2-0/turbo-dry-run.png)
</div>

We hope that this will improve visibility into what `turbo` is doing, speeding up debugging, and make it easier to leverage `turbo` in dynamic CI/CD systems.

## Improved Internal Scheduler and Graph

When using `turbo run`, every `package.json` task is added to an internal graph to map dependencies based on the inferred relationships defined in your Turborepo `pipeline`. This task graph allows Turborepo to efficiently schedule incremental concurrent task running and cache task outputs for later use.

We have made major improvements to the internal task scheduler and resulting graph structure, resulting in better performance and a better developer experience. For example, in many cases, you will no longer need to use `--include-dependencies`. Instead, after specifying your task entry points, the new and improved graph will automatically handle this graph resolution on your behalf.

## Cache Outputs Integrity and Signature Verification

You can now configure Turborepo to sign remote cache outputs using HMAC-SHA256 with a secret key before uploading them to the Remote Cache. When Turborepo downloads signed cache artifacts, it will now verify the artifact's integrity and authenticity. Any artifact that fails to verify will be ignored, discarded, and treated as a cache miss by Turborepo.

To enable this feature, set the `remoteCache` options in your `turbo.json` config file to include `signature: true`. Then specify your secret key by declaring the `TURBO_REMOTE_CACHE_SIGNATURE_KEY` environment variable.

```jsonc title="./turbo.json"
{
  "$schema": "[https://turborepo.com/schema.json](https://turborepo.com/schema.json)",
  "remoteCache": {
    // Indicates if signature verification is enabled.
    "signature": true
  }
}
```

## Other bug fixes and improvements

- `--sso-team` flag now enables teams with SAML tokens to log in through `turbo login` with correct team permissions
- `--log-output` flag allows you to control what logs are printed to the terminal, and when, allowing you to focus only on what's new
- `FORCE_COLOR` environment variable is now supported
- `TURBO_FORCE=true` environment variable will now force execution
- `--remote-only` and `TURBO_REMOTE_ONLY=true` will tell `turbo` to only use Remote Caching
- We now show `>>> FULL TURBO` when there's at least one task attempted
- Yarn v2+ with Plug'n'Play (PnP linker) is supported for the `turbo run` command, but `turbo prune` is still not fully supported
- Fixed regression with chrome tracing if `--profile` is specified
- You can now set concurrency by percentage of CPUs with `--concurrency=50%`

## We're hiring!

The Turborepo team at [Vercel](https://vercel.com/) is hiring! We're up to five core team members already this year and are looking to hire even more. We're specifically looking for full-time [Senior Build Systems Engineers](https://vercel.com/careers).

## What's next?

Along with seamless incremental adoption/migration and speeding up CI/CD, we've been focusing on improving Turborepo's day-to-day ergonomics, security, and observability. The new `--filter` flag, signed artifacts, and dry runs are important steps toward those goals.

Next up, we'll be focusing an enhanced local development experience, codebase automations, and overall CLI performance.

## Thank you, contributors

Turborepo is the result of the combined work of over 95 individual developers and our core team.

This release was brought to you by the contributions of: @gsoltis09, @jaredpalmer, @gaspar09, @shuding, @rajatkulkarni95, @VanTanev, @Kikobeats, @tknickman, @thebanjomatic, @chelkyl, @elado, @finn-orsini, @becca, @weyert, @ekosz
